VulnerableCode Package Details - pkg:alpm/archlinux/binutils@2.27.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-tcnf-4f1g-aaac Aliases: CVE-2017-7227	GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.	2.28.0-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-tcnf-4f1g-aaac
Aliases:
CVE-2017-7227

GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.

2.28.0-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-5jyx-ucn3-aaaa	The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.	CVE-2017-7226
VCID-bdsp-rb33-aaaq	The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.	CVE-2017-7224
VCID-wu7f-wxmc-aaam	GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.	CVE-2017-7223
VCID-xvrb-z3xf-aaap	The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.	CVE-2017-7225

Vulnerability

Summary

Aliases

VCID-5jyx-ucn3-aaaa

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.

CVE-2017-7226

VCID-bdsp-rb33-aaaq

The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.

CVE-2017-7224

VCID-wu7f-wxmc-aaam

GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.

CVE-2017-7223

VCID-xvrb-z3xf-aaap

The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.

CVE-2017-7225

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:51.696431+00:00	Arch Linux Importer	Affected by	VCID-tcnf-4f1g-aaac	https://security.archlinux.org/AVG-937	36.0.0
2025-03-28T07:45:57.641365+00:00	Arch Linux Importer	Fixing	VCID-wu7f-wxmc-aaam	https://security.archlinux.org/AVG-936	36.0.0
2025-03-28T07:45:57.622696+00:00	Arch Linux Importer	Fixing	VCID-bdsp-rb33-aaaq	https://security.archlinux.org/AVG-936	36.0.0
2025-03-28T07:45:57.603994+00:00	Arch Linux Importer	Fixing	VCID-xvrb-z3xf-aaap	https://security.archlinux.org/AVG-936	36.0.0
2025-03-28T07:45:57.585411+00:00	Arch Linux Importer	Fixing	VCID-5jyx-ucn3-aaaa	https://security.archlinux.org/AVG-936	36.0.0
2024-09-18T02:02:12.592107+00:00	Arch Linux Importer	Affected by	VCID-tcnf-4f1g-aaac	https://security.archlinux.org/AVG-937	34.0.1
2024-09-18T02:01:00.565365+00:00	Arch Linux Importer	Fixing	VCID-wu7f-wxmc-aaam	https://security.archlinux.org/AVG-936	34.0.1
2024-09-18T02:01:00.541881+00:00	Arch Linux Importer	Fixing	VCID-bdsp-rb33-aaaq	https://security.archlinux.org/AVG-936	34.0.1
2024-09-18T02:01:00.519347+00:00	Arch Linux Importer	Fixing	VCID-xvrb-z3xf-aaap	https://security.archlinux.org/AVG-936	34.0.1
2024-09-18T02:01:00.500408+00:00	Arch Linux Importer	Fixing	VCID-5jyx-ucn3-aaaa	https://security.archlinux.org/AVG-936	34.0.1
2024-01-03T22:28:14.913018+00:00	Arch Linux Importer	Affected by	VCID-tcnf-4f1g-aaac	https://security.archlinux.org/AVG-937	34.0.0rc1
2024-01-03T22:27:16.927479+00:00	Arch Linux Importer	Fixing	VCID-wu7f-wxmc-aaam	https://security.archlinux.org/AVG-936	34.0.0rc1
2024-01-03T22:27:16.903670+00:00	Arch Linux Importer	Fixing	VCID-bdsp-rb33-aaaq	https://security.archlinux.org/AVG-936	34.0.0rc1
2024-01-03T22:27:16.879477+00:00	Arch Linux Importer	Fixing	VCID-xvrb-z3xf-aaap	https://security.archlinux.org/AVG-936	34.0.0rc1
2024-01-03T22:27:16.851349+00:00	Arch Linux Importer	Fixing	VCID-5jyx-ucn3-aaaa	https://security.archlinux.org/AVG-936	34.0.0rc1